diff options
author | Emmanuel Grumbach <emmanuel.grumbach@intel.com> | 2012-07-04 07:59:08 -0400 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2012-07-09 15:01:03 -0400 |
commit | b48d96652626b315229b1b82c6270eead6a77a6d (patch) | |
tree | bc2bff971eeb48d25c3398c0af586da62e395bb2 /drivers/net/wireless/iwlegacy/4965-mac.c | |
parent | c2ca7d92ed4bbd779516beb6eb226e19f7f7ab0f (diff) |
iwlegacy: don't mess up the SCD when removing a key
When we remove a key, we put a key index which was supposed
to tell the fw that we are actually removing the key. But
instead the fw took that index as a valid index and messed
up the SRAM of the device.
This memory corruption on the device mangled the data of
the SCD. The impact on the user is that SCD queue 2 got
stuck after having removed keys.
Reported-by: Paul Bolle <pebolle@tiscali.nl>
Cc: stable@vger.kernel.org
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'drivers/net/wireless/iwlegacy/4965-mac.c')
-rw-r--r-- | drivers/net/wireless/iwlegacy/4965-mac.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/net/wireless/iwlegacy/4965-mac.c b/drivers/net/wireless/iwlegacy/4965-mac.c index 509301a5e7e2..ff5d689e13f3 100644 --- a/drivers/net/wireless/iwlegacy/4965-mac.c +++ b/drivers/net/wireless/iwlegacy/4965-mac.c | |||
@@ -3405,7 +3405,7 @@ il4965_remove_dynamic_key(struct il_priv *il, | |||
3405 | return 0; | 3405 | return 0; |
3406 | } | 3406 | } |
3407 | 3407 | ||
3408 | if (il->stations[sta_id].sta.key.key_offset == WEP_INVALID_OFFSET) { | 3408 | if (il->stations[sta_id].sta.key.key_flags & STA_KEY_FLG_INVALID) { |
3409 | IL_WARN("Removing wrong key %d 0x%x\n", keyconf->keyidx, | 3409 | IL_WARN("Removing wrong key %d 0x%x\n", keyconf->keyidx, |
3410 | key_flags); | 3410 | key_flags); |
3411 | spin_unlock_irqrestore(&il->sta_lock, flags); | 3411 | spin_unlock_irqrestore(&il->sta_lock, flags); |
@@ -3420,7 +3420,7 @@ il4965_remove_dynamic_key(struct il_priv *il, | |||
3420 | memset(&il->stations[sta_id].sta.key, 0, sizeof(struct il4965_keyinfo)); | 3420 | memset(&il->stations[sta_id].sta.key, 0, sizeof(struct il4965_keyinfo)); |
3421 | il->stations[sta_id].sta.key.key_flags = | 3421 | il->stations[sta_id].sta.key.key_flags = |
3422 | STA_KEY_FLG_NO_ENC | STA_KEY_FLG_INVALID; | 3422 | STA_KEY_FLG_NO_ENC | STA_KEY_FLG_INVALID; |
3423 | il->stations[sta_id].sta.key.key_offset = WEP_INVALID_OFFSET; | 3423 | il->stations[sta_id].sta.key.key_offset = keyconf->hw_key_idx; |
3424 | il->stations[sta_id].sta.sta.modify_mask = STA_MODIFY_KEY_MASK; | 3424 | il->stations[sta_id].sta.sta.modify_mask = STA_MODIFY_KEY_MASK; |
3425 | il->stations[sta_id].sta.mode = STA_CONTROL_MODIFY_MSK; | 3425 | il->stations[sta_id].sta.mode = STA_CONTROL_MODIFY_MSK; |
3426 | 3426 | ||